The nonprofit Mozilla Foundation issued its first “Internet Health Report,” detailing notable cybersecurity trends related to hot topics such as government surveillance and the Internet of Things (IoT). The report focused on open innovation, digital inclusion, decentralization, privacy and web literacy on a global scale.

Inside the ‘Internet Health Report’

With the report, Mozilla hopes to popularize the term “internet health” similar to how environmentalists engaged the public with the term “global warming,” Solana Larsen, the editor of the 40-page report, told Threatpost. “We want to work with people and organizations that care about a healthy internet,” she said.

The authors of the report were encouraged by the encryption efforts of companies such as Let’s Encrypt and similar initiatives to democratize what can be a daunting process of issuing encrypted certificates for authentication. They also applauded products such as WhatsApp, which has made secure communications both practical and widely available.

Should the upward trend of government network surveillance continue, the report said, the use of these products should increase accordingly.

Pressuring IoT Manufacturers

The report also examined the increasing threat of malware targeting IoT devices. The authors argued that consumers and organizations must hold manufacturers accountable for embedding security into every stage of the development process. While this effort could increase the cost of IoT products, it would also provide invaluable benefits related to functionality and security.

While this is just the first Mozilla Foundation report, it provides a global narrative for the online ecosystem today. By taking a wide view of the internet as a whole, the authors hope to encourage users to examine more than just one local segment of the system. While local situations can drastically affect local use, the report evaluated how the entire internet functions on a global scale.

The “Internet Health Report” explicitly stated that the internet is a globally connected system — what happens in one segment affects all others. It is a credible first step toward better global cybersecurity practices.
